U.S. intelligence analysts have concluded that Russian military spy hackers were behind a cyberattack on a satellite broadband service that disrupted Ukraine’s military communications at the start of the war last month, according to U.S. officials familiar with the matter.
President Biden on Monday warned U.S. businesses that they needed to maintain vigilance in light of “evolving intelligence” that the Russians are “exploring options” for potential cyberattacks. Several federal government agencies have highlighted protective security measures that companies can put in place to protect against such attacks.
The Russian military spy service, the GRU, was behind the compromise, officials said, speaking on the condition of anonymity because of the matter’s sensitivity.
The GRU has a history of malicious cyber operations against Ukraine, which borders Russia and which President Vladimir Putin views as within Russia’s sphere of influence. The GRU hacked Ukraine’s Central Election Commission in 2014 and its energy grid in 2015 and 2016, knocking out power in portions of the country in both instances.
Last month, before the invasion, a senior Biden administration official said Russian government hackers had probably broadly penetrated Ukrainian military, energy and other critical computer networks to collect intelligence and position themselves to potentially disrupt the systems.
The recent outages, which began Feb. 24 — the day Russia invaded Ukraine — resulted from the hack of satellite modems belonging to tens of thousands of people in Ukraine and other countries in Europe, according to an official with the U.S. firm Viasat, headquartered in Carlsbad, Calif. Agencies affected included civilians as well as Ukraine’s military and other government agencies, according to Ukrainian officials.
The modems were part of Viasat’s European satellite network, KA-SAT. The company uses distributors in Europe to sell Internet service, which relies on modems, to customers. The company is shipping new modems to the distributors so they can get them to affected customers, the official said.
Asked this week whether Ukraine knew who was behind the attack, Victor Zhora, deputy head of the State Service of Special Communications and Information Protection, Ukraine’s main cybersecurity agency, said: “We don’t need to attribute it since we have obvious evidence that it was organized by Russian hackers to disrupt the connection between customers that use this satellite system.”
He added: “Of course, they were targeting the potential of [the] Ukrainian military forces first as this happened just before the invasion.”
Earlier this month, Zhora described the impact of the sabotage as “a really huge loss in communications in the very beginning of war.”
Dmitri Alperovitch, a cyber expert and chairman of the Silverado Policy Accelerator think tank, said satellite communications “have been used extensively by Ukrainian military not just for command and control of forces but also for tactical missions such as use of drones against Russian armor.”
Said Alperovitch: “We can’t know for sure, but this KA-SAT attack may have had a serious impact on degrading Ukrainian military capabilities at the outset of the war.’’